Signed-off-by: Derek Lesho dereklesho52@Gmail.com --- dlls/ntoskrnl.exe/ntoskrnl.c | 23 +++++++++++++++++++++++ dlls/ntoskrnl.exe/ntoskrnl.exe.spec | 2 +- dlls/ntoskrnl.exe/tests/driver.c | 19 +++++++++++++++++++ 3 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c index 61a3e4ba92..335918f99f 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.c +++ b/dlls/ntoskrnl.exe/ntoskrnl.c @@ -2987,6 +2987,29 @@ HANDLE WINAPI PsGetCurrentThreadId(void) }
+/*********************************************************************** + * PsIsSystemThread (NTOSKRNL.EXE.@) + */ +BOOLEAN WINAPI PsIsSystemThread(PETHREAD thread) +{ + HANDLE hThread; + DWORD tid = 0; + + if (!thread) + return TRUE; + + /* get handle, then id */ + if ((hThread = kernel_object_handle( thread, THREAD_ALL_ACCESS ))) + { + tid = GetProcessId( hThread ); + NtClose(hThread); + } + + /* Should only show up as client_tid but request_thread is added for redundancy */ + return tid != client_tid && tid != request_thread; +} + + /*********************************************************************** * PsGetVersion (NTOSKRNL.EXE.@) */ diff --git a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec index 43f47470a9..0e9e6a7630 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec +++ b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec @@ -907,7 +907,7 @@ @ stdcall PsImpersonateClient(ptr ptr long long long) @ stub PsInitialSystemProcess @ stub PsIsProcessBeingDebugged -@ stub PsIsSystemThread +@ stdcall PsIsSystemThread(ptr) @ stub PsIsThreadImpersonating @ stub PsIsThreadTerminating @ stub PsJobType diff --git a/dlls/ntoskrnl.exe/tests/driver.c b/dlls/ntoskrnl.exe/tests/driver.c index 88237461d5..c436f2c3d9 100644 --- a/dlls/ntoskrnl.exe/tests/driver.c +++ b/dlls/ntoskrnl.exe/tests/driver.c @@ -814,6 +814,24 @@ static void test_ob_reference(const WCHAR *test_path) ok(!status, "ZwClose failed: %#x\n", status); }
+static void WINAPI system_thread( void *arg ) +{ + BOOLEAN result; + + ok((result = PsIsSystemThread()), "got %u\n", result); + + PsTerminateSystemThread( STATUS_SUCCESS ); +} + +static void test_system_thread() +{ + BOOLEAN result; + + ok(!(result = PsIsSystemThread()), "got %u\n", result); + + run_thread( system_thread, (void*)0 ); +} + static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *stack, ULONG_PTR *info) { ULONG length = stack->Parameters.DeviceIoControl.OutputBufferLength; @@ -856,6 +874,7 @@ static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *st test_stack_callout(); test_lookaside_list(); test_ob_reference(test_input->path); + test_system_thread();
/* print process report */ if (winetest_debug)